From 4afbaf40dcdc0d3c680e6b1537a83aed59612303 Mon Sep 17 00:00:00 2001 
From: Alexis Mousset Date: Thu, 4 Mar 2021 17:40:59 +0100 Subject: [PATCH] Work in progress --- agent/sources/client/config/agent.conf | 11 + agent/sources/client/src/cli.c | 82 ++++-- agent/sources/client/src/config.c | 144 ++++++----- agent/sources/client/src/config.h | 19 ++ agent/sources/client/src/http.c | 244 ++++++++++++++++-- agent/sources/client/src/http.h | 1 + agent/sources/client/src/utils.c | 46 +++- agent/sources/client/src/utils.h | 12 +- agent/sources/client/tests/certs/README | 6 + agent/sources/client/tests/certs/agent.cert | 33 +++ agent/sources/client/tests/certs/agent.priv | 54 ++++ agent/sources/client/tests/certs/agent.pub | 13 + agent/sources/client/tests/certs/server.cert | 33 +++ .../client/tests/certs/server.nopass.priv | 51 ++++ agent/sources/client/tests/certs/server.priv | 54 ++++ agent/sources/client/tests/certs/server.pub | 13 + agent/sources/client/tests/config/agent.toml | 9 - .../sources/client/tests/config/complete.toml | 12 + agent/sources/client/tests/config/test.toml | 9 + agent/sources/client/tests/config/uuid.hive | 1 + agent/sources/client/tests/run.c | 30 ++- agent/sources/client/tests/server.py | 27 ++ 22 files changed, 771 insertions(+), 133 deletions(-) create mode 100644 agent/sources/client/tests/certs/README create mode 100644 agent/sources/client/tests/certs/agent.cert create mode 100644 agent/sources/client/tests/certs/agent.priv create mode 100644 agent/sources/client/tests/certs/agent.pub create mode 100644 agent/sources/client/tests/certs/server.cert create mode 100644 agent/sources/client/tests/certs/server.nopass.priv create mode 100644 agent/sources/client/tests/certs/server.priv create mode 100644 agent/sources/client/tests/certs/server.pub delete mode 100644 agent/sources/client/tests/config/agent.toml create mode 100644 agent/sources/client/tests/config/complete.toml create mode 100644 agent/sources/client/tests/config/test.toml create mode 100644 agent/sources/client/tests/config/uuid.hive create mode 
100644 agent/sources/client/tests/server.py diff --git a/agent/sources/client/config/agent.conf b/agent/sources/client/config/agent.conf index cff14e1627b..4c5776c5c9e 100644 --- a/agent/sources/client/config/agent.conf +++ b/agent/sources/client/config/agent.conf @@ -1,5 +1,8 @@ # This file configures the way the Rudder agent connects to its server +# By default it is read from uuid.hive +#my_id = "root" + # By default server is read for policy_server.dat #server = "rudder.example.com" @@ -24,4 +27,12 @@ # Port used for CFEngine protocol (unix only) #cfengine_port = 5309 +# Skip certificate verification. Must not be used in production. #insecure = false + +# For storing temporary files +#tmp_dir = "/var/rudder/tmp" +#tmp_dir = "C:\Program Files\Rudder\tmp" + +#policies_dir = "/var/rudder/cfengine-community/inputs/" +#policies_dir = "C:\Program Files\Rudder\policy\" diff --git a/agent/sources/client/src/cli.c b/agent/sources/client/src/cli.c index c66a382d3bc..ccdf2e16940 100644 --- a/agent/sources/client/src/cli.c +++ b/agent/sources/client/src/cli.c @@ -16,11 +16,13 @@ #define REG_EXTENDED 1 #define REG_ICASE (REG_EXTENDED << 1) -void help(const char* progname, void* upload_report, void* upload_inventory, +void help(const char* progname, void* get_server_id, void* upload_report, void* upload_inventory, void* argtable_no_action) { printf("Client for Rudder's communcation protocol\n\n"); printf("USAGE:\n"); printf(" %s", progname); + arg_print_syntax(stdout, get_server_id, "\n"); + printf(" %s", progname); arg_print_syntax(stdout, upload_report, "\n"); printf(" %s", progname); arg_print_syntax(stdout, upload_inventory, "\n"); 
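Review bot: The commented Windows examples added at the end of agent.conf, `#tmp_dir = "C:\Program Files\Rudder\tmp"` and `#policies_dir = "C:\Program Files\Rudder\policy\"`, are not valid TOML once uncommented: in a double-quoted string `\P` and `\R` are rejected escapes, and the trailing `\"` swallows the closing quote. config.c reads this file through a TOML parser (`toml_table_t`), so the examples should use literal strings, e.g. `#tmp_dir = 'C:\Program Files\Rudder\tmp'`, or doubled backslashes. The `policies_dir` examples are also the only new keys without an explanatory comment; `# Directory where policies are installed` would match the others.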
@@ -60,46 +62,60 @@ int start(int argc, char* argv[]) { // define cli arguments ///////////////////////////////////////// + // The goal here is to provide an interface abstracting the network part + // It should use business names, and hide the communication complexity. + // Adding new subcommands is quite inconvenient - // upload_report [-v] --user= --password= + // common options + // --config local_config_file --policy_config policy_config_file + + // get_server_id [-v] + struct arg_rex* get_server_id_cmd = + arg_rex1(NULL, NULL, "get_server_id", NULL, REG_ICASE, NULL); + struct arg_lit* get_server_id_verbose = arg_lit0("v", "verbose", "verbose output"); + struct arg_str* get_server_id_config = arg_str0("c", "config", "", "configuration file"); + struct arg_end* get_server_id_end = arg_end(20); + void* get_server_id[] = { get_server_id_cmd, get_server_id_verbose, get_server_id_config, + get_server_id_end }; + int get_server_id_errors; + + *get_server_id_config->sval = DEFAULT_CONF_FILE; + + // upload_report [-v] struct arg_rex* upload_report_cmd = arg_rex1(NULL, NULL, "upload_report", NULL, REG_ICASE, NULL); struct arg_lit* upload_report_verbose = arg_lit0("v", "verbose", "verbose output"); struct arg_str* upload_report_config = arg_str0("c", "config", "", "configuration file"); - struct arg_str* upload_report_policy_config = - arg_str0("p", "policy_config", "", "policy configuration file"); struct arg_file* upload_report_file = arg_file1(NULL, NULL, NULL, NULL); struct arg_end* upload_report_end = arg_end(20); - void* upload_report[] = { upload_report_cmd, upload_report_verbose, - upload_report_config, upload_report_policy_config, - upload_report_file, upload_report_end }; + void* upload_report[] = { upload_report_cmd, upload_report_verbose, upload_report_config, + upload_report_file, upload_report_end }; int upload_report_errors; *upload_report_config->sval = DEFAULT_CONF_FILE; - *upload_report_config->sval = DEFAULT_POLICY_CONF_FILE; - // upload_inventory 
[-v] [--new] [--user=] [--password=] + // upload_inventory [-v] [--new] struct arg_rex* upload_inventory_cmd = arg_rex1(NULL, NULL, "upload_inventory", NULL, REG_ICASE, NULL); struct arg_lit* upload_inventory_verbose = arg_lit0("v", "verbose", "verbose output"); struct arg_str* upload_inventory_config = arg_str0("c", "config", "", "configuration file"); - struct arg_str* upload_inventory_policy_config = - arg_str0("p", "policy_config", "", "policy configuration file"); struct arg_lit* upload_inventory_new = arg_lit0("n", "new", "inventory for a new node"); struct arg_file* upload_inventory_file = arg_file1(NULL, NULL, NULL, NULL); struct arg_end* upload_inventory_end = arg_end(20); void* upload_inventory[] = { upload_inventory_cmd, upload_inventory_verbose, - upload_inventory_config, upload_report_policy_config, - upload_inventory_new, upload_inventory_file, - upload_inventory_end }; + upload_inventory_config, upload_inventory_new, + upload_inventory_file, upload_inventory_end }; int upload_inventory_errors; *upload_inventory_config->sval = DEFAULT_CONF_FILE; - *upload_inventory_config->sval = DEFAULT_POLICY_CONF_FILE; - /* no action: [--help] [--version] */ + // handles tmp copy and replacement + // update_policies [-v] + // FIXME ifdef windows + + // no action: [--help] [--version] struct arg_lit* no_action_help = arg_lit0("h", "help", "print this help and exit"); struct arg_lit* no_action_version = arg_lit0("V", "version", "print version information and exit"); 
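Review bot: `*get_server_id_config->sval = DEFAULT_CONF_FILE;` dereferences the result of arg_str0() before it has been checked, because the arg_nullcheck() call that covers get_server_id only runs later in start() (next hunk). An allocation failure would therefore crash here instead of reaching the "insufficient memory" path. The same pattern is kept for upload_report_config and upload_inventory_config, so moving the three default assignments below the arg_nullcheck() block fixes all of them. start() begins and ends outside this hunk.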
@@ -111,8 +127,8 @@ int start(int argc, char* argv[]) { int exitcode = EXIT_SUCCESS; /* verify all argtable[] entries were allocated successfully */ - if (arg_nullcheck(upload_report) != 0 || arg_nullcheck(upload_inventory) != 0 - || arg_nullcheck(no_action) != 0) { + if (arg_nullcheck(get_server_id) != 0 || arg_nullcheck(upload_report) != 0 + || arg_nullcheck(upload_inventory) != 0 || arg_nullcheck(no_action) != 0) { /* NULL entries were detected, some allocations must have failed */ printf("%s: insufficient memory\n", progname); exitcode = 1; @@ -123,6 +139,7 @@ int start(int argc, char* argv[]) { // try the different argument parsers ///////////////////////////////////////// + get_server_id_errors = arg_parse(argc, argv, get_server_id); upload_report_errors = arg_parse(argc, argv, upload_report); upload_inventory_errors = arg_parse(argc, argv, upload_inventory); no_action_errors = arg_parse(argc, argv, no_action); @@ -130,11 +147,11 @@ int start(int argc, char* argv[]) { // help and version are special and treated first if (no_action_errors == 0) { if (no_action_help->count > 0) { - help(progname, upload_report, upload_inventory, no_action); + help(progname, get_server_id, upload_report, upload_inventory, no_action); } else if (no_action_version->count > 0) { version(progname); } else { - help(progname, upload_report, upload_inventory, no_action); + help(progname, get_server_id, upload_report, upload_inventory, no_action); exitcode = EXIT_FAILURE; } goto exit; 
@@ -145,17 +162,22 @@ int start(int argc, char* argv[]) { const char* config_file = NULL; const char* policy_config_file = NULL; - if (upload_report_errors == 0) { + if (get_server_id_errors == 0) { + verbose = get_server_id_verbose->count > 0; + config_file = *get_server_id_config->sval; + } else if (upload_report_errors == 0) { verbose = upload_report_verbose->count > 0; config_file = *upload_report_config->sval; - policy_config_file = *upload_report_policy_config->sval; } else if (upload_inventory_errors == 0) { verbose = upload_inventory_verbose->count > 0; config_file = *upload_inventory_config->sval; - policy_config_file = *upload_inventory_policy_config->sval; } else { /* We get here if the command line matched none of the possible syntaxes */ - if (upload_report_cmd->count > 0) { + if (get_server_id_cmd->count > 0) { + arg_print_errors(stdout, get_server_id_end, progname); + printf("usage: %s ", progname); + arg_print_syntax(stdout, get_server_id, "\n"); + } else if (upload_report_cmd->count > 0) { arg_print_errors(stdout, upload_report_end, progname); printf("usage: %s ", progname); arg_print_syntax(stdout, upload_report, "\n"); @@ -164,7 +186,7 @@ int start(int argc, char* argv[]) { printf("usage: %s ", progname); arg_print_syntax(stdout, upload_inventory, "\n"); } else { - help(progname, upload_report, upload_inventory, no_action); + help(progname, get_server_id, upload_report, upload_inventory, no_action); } exitcode = EXIT_FAILURE; goto exit; 
@@ -187,14 +209,18 @@ int start(int argc, char* argv[]) { // make actions ///////////////////////////////////////// - if (upload_report_errors == 0) { - upload_file(config, verbose, *upload_report_file->filename, UploadReport, false); + if (get_server_id_errors == 0) { + exitcode = get_id(config, verbose); + } else if (upload_report_errors == 0) { + exitcode = upload_file(config, verbose, *upload_report_file->filename, UploadReport, false); } else if (upload_inventory_errors == 0) { bool is_new = upload_inventory_new->count > 0; - upload_file(config, verbose, *upload_report_file->filename, UploadInventory, is_new); + exitcode = + upload_file(config, verbose, *upload_report_file->filename, UploadInventory, is_new); } exit: + arg_freetable(get_server_id, sizeof(get_server_id) / sizeof(get_server_id[0])); arg_freetable(upload_inventory, sizeof(upload_inventory) / sizeof(upload_inventory[0])); arg_freetable(upload_report, sizeof(upload_report) / sizeof(upload_report[0])); arg_freetable(no_action, sizeof(no_action) / sizeof(no_action[0])); diff --git a/agent/sources/client/src/config.c b/agent/sources/client/src/config.c index 178aa23b2bd..db48d767577 100644 --- a/agent/sources/client/src/config.c +++ b/agent/sources/client/src/config.c @@ -7,7 +7,6 @@ #include #include #include -#include // stat #include "log.h" #include "utils.h" 
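Review bot: In the upload_inventory branch the file name is still taken from `*upload_report_file->filename`, which belongs to the argument table whose parse failed in this branch, so the path handed to upload_file() is not the one given on the upload_inventory command line. The call should read `upload_file(config, verbose, *upload_inventory_file->filename, UploadInventory, is_new);`. Since the result now becomes the process exit code, note that upload_file() and get_id() return a mix of CURLcode values and EXIT_FAILURE (see http.c), so callers can only rely on zero versus non-zero. start() begins outside this hunk.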
@@ -16,21 +15,34 @@ void config_default(Config* config) { config->insecure = false; config->server = NULL; + config->my_id = NULL; #ifdef __unix__ - config->server_cert = strdup("/var/rudder/cfengine-community/ppkeys/policy_server.cert"); + config->server_cert = strdup_compat("/var/rudder/cfengine-community/ppkeys/policy_server.cert"); // Not used for now on unix - config->agent_key = strdup("/var/rudder/cfengine-community/ppkeys/localhost.priv"); + config->agent_key = strdup_compat("/var/rudder/cfengine-community/ppkeys/localhost.priv"); // Not used for now on unix - config->agent_cert = strdup("/opt/rudder/etc/ssl/agent.cert"); + config->agent_cert = strdup_compat("/opt/rudder/etc/ssl/agent.cert"); #elif _WIN32 - config->server_cert = strdup("C:\\Program Files\\Rudder\\etc\\ssl\\policy_server.cert"); - config->agent_cert = strdup("C:\\Program Files\\Rudder\\etc\\ssl\\localhost.cert"); - config->agent_key = strdup("C:\\Program Files\\Rudder\\etc\\ssl\\localhost.priv"); + config->server_cert = strdup_compat("C:\\Program Files\\Rudder\\etc\\ssl\\policy_server.cert"); + config->agent_cert = strdup_compat("C:\\Program Files\\Rudder\\etc\\ssl\\localhost.cert"); + config->agent_key = strdup_compat("C:\\Program Files\\Rudder\\etc\\ssl\\localhost.priv"); #endif config->https_port = 443; config->proxy = NULL; - config->user = strdup("rudder"); - config->password = strdup("rudder"); + config->user = strdup_compat("rudder"); + config->password = strdup_compat("rudder"); + +#ifdef __unix__ + config->tmp_dir = strdup_compat("/var/rudder/tmp"); +#elif _WIN32 + config->tmp_dir = strdup_compat("C:\\Program Files\\Rudder\\tmp"); +#endif + +#ifdef __unix__ + config->policies_dir = strdup_compat("/var/rudder/cfengine-community/inputs/"); +#elif _WIN32 + config->policies_dir = strdup_compat("C:\\Program Files\\Rudder\\policy\\"); +#endif } void config_free(Config* config) { 
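Review bot: The two new `#ifdef __unix__` / `#elif _WIN32` blocks leave `config->tmp_dir` and `config->policies_dir` unset on a target that defines neither macro, and config_free() (next hunk) passes both to free(). Adding `#else` branches that set them to NULL, or folding the two blocks into the existing platform block above, keeps config_free() safe. None of the strdup_compat() results is checked either, so an allocation failure only shows up later as a NULL path given to snprintf() or curl. config_default() returns void, so at minimum a comment should state that the string fields may be NULL afterwards.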
@@ -41,6 +53,9 @@ void config_free(Config* config) { free(config->agent_key); free(config->user); free(config->password); + free(config->tmp_dir); + free(config->policies_dir); + free(config->my_id); } bool read_string_value(toml_table_t* conf, const char* const key, bool required, char** value) { @@ -89,14 +104,6 @@ bool read_bool_value(toml_table_t* conf, const char* const key, bool required, b } } -bool file_exists(const char* path) { - if (path == NULL) { - return false; - } - struct stat buffer; - return (stat(path, &buffer) == 0); -} - bool parse_toml(const char* path, toml_table_t** conf) { FILE* fp = fopen(path, "r"); if (fp == NULL) { @@ -115,22 +122,35 @@ bool parse_toml(const char* path, toml_table_t** conf) { return true; } -bool policy_server_read(const char* path, char** output) { - FILE* fp = fopen(path, "r"); - if (fp == NULL) { - error("cannot open %s: %s", path, strerror(errno)); - return false; - } +bool fallback_in_file(const char* file, char** property, bool is_in_config) { + bool res = true; - char buffer[255]; - char* res = fgets(buffer, sizeof(buffer), fp); - if (res == NULL) { - error("cannot read: %s", path, strerror(errno)); - return false; + if (is_in_config == false) { + debug("Falling back to '%s' for node id configuration", file); + char* output = NULL; + res = read_file_content(file, &output); + if (res == false) { + return false; + } + free(*property); + *property = output; + } else { + debug("Check '%s' for policy server configuration consistency", file); + if (file_exists(file)) { + char* output = NULL; + res = read_file_content(file, &output); + if (res == false) { + return false; + } + if (strcmp(output, *property) != 0) { + warn( + "Node id configured in configuration ('%s') does not match value from '%s' ('%s')", + *property, file, output); + } + free(output); + } } - // strip \n - res[strcspn(res, "\n")] = 0; - *output = strdup(res); + return true; } 
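Review bot: fallback_in_file() is called for both the policy server and the node id (see local_config_parse), but its messages are hard-wired: the fallback branch always logs "node id", the consistency branch always logs "policy server", and the warning always says "Node id", so the logs will name the wrong setting for one of the two callers. Either pass a label for the property and use it in all three messages, or word them neutrally, e.g. `debug("Falling back to '%s' for missing configuration value", file);`. The function also has no comment. A short one should state that `*property` is replaced (and the old value freed) when `is_in_config` is false and only compared against the file otherwise, and that `is_in_config` is the result of the preceding read_string_value() call.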
@@ -145,39 +165,30 @@ bool local_config_parse(const char* path, Config* config) { return false; } + // Special case for policy server res = read_string_value(conf, "server", true, &config->server); + res = fallback_in_file(POLICY_SERVER_DAT, &config->server, res); if (res == false) { - debug("Falling back to '%s' for policy server configuration", POLICY_SERVER_DAT); - char* output = NULL; - res = policy_server_read(POLICY_SERVER_DAT, &output); - if (res == false) { - result = false; - goto exit; - } - free(config->server); - config->server = output; - } else { - debug("Check '%s' for policy server configuration consistency", POLICY_SERVER_DAT); - if (file_exists(POLICY_SERVER_DAT)) { - char* output = NULL; - res = policy_server_read(POLICY_SERVER_DAT, &output); - if (res == false) { - result = false; - goto exit; - } - if (strcmp(output, config->server) != 0) { - warn("Server configured in '%s' ('%s') does not match value from '%s' ('%s')", path, - config->server, POLICY_SERVER_DAT, output); - } - free(output); - } + result = false; + goto exit; + } + + // Special case for my_id + res = read_string_value(conf, "my_id", true, &config->my_id); + res = fallback_in_file(UUID_HIVE, &config->my_id, res); + if (res == false) { + result = false; + goto exit; } + read_string_value(conf, "server_cert", false, &config->server_cert); read_string_value(conf, "agent_cert", false, &config->agent_cert); read_string_value(conf, "agent_key", false, &config->agent_key); read_string_value(conf, "proxy", false, &config->proxy); read_int_value(conf, "https_port", false, &config->https_port); read_bool_value(conf, "insecure", false, &config->insecure); + read_string_value(conf, "tmp_dir", false, &config->tmp_dir); + read_string_value(conf, "policies_dir", false, &config->policies_dir); exit: toml_free(conf); 
@@ -202,16 +213,27 @@ bool config_parse(const char* config_path, const char* policy_config_path, Confi if (res == false) { return false; } - } else if (file_exists(POLICY_SERVER_DAT)) { - debug("Falling back to '%s' for policy server configuration as '%s' does not exist", - POLICY_SERVER_DAT, config_path); - char* output = NULL; - bool res = policy_server_read(POLICY_SERVER_DAT, &output); + } else if (file_exists(POLICY_SERVER_DAT) && file_exists(UUID_HIVE)) { + bool res = true; + + debug( + "Falling back to defaults for policy server and node id configuration as '%s' does not exist", + config_path); + char* server = NULL; + res = read_file_content(POLICY_SERVER_DAT, &server); if (res == false) { return false; } free(config->server); - config->server = output; + config->server = server; + + char* id = NULL; + res = read_file_content(UUID_HIVE, &id); + if (res == false) { + return false; + } + free(config->my_id); + config->my_id = id; } else { // we need the server config return false; diff --git a/agent/sources/client/src/config.h b/agent/sources/client/src/config.h index 683236c51ea..fabbb27381b 100644 --- a/agent/sources/client/src/config.h +++ b/agent/sources/client/src/config.h @@ -8,6 +8,8 @@ #include #include +#define PROTOCOL "https" + #ifdef __unix__ # define AGENT_KEY_PASSPHRASE "Cfengine passphrase" #elif _WIN32 @@ -17,9 +19,20 @@ #ifdef DEBUG static const char POLICY_SERVER_DAT[] = "tests/config/policy_server.dat"; #else +// FIXME windows static const char POLICY_SERVER_DAT[] = "/var/rudder/cfengine-community/policy_server.dat"; #endif + +#ifdef DEBUG +static const char UUID_HIVE[] = "tests/config/uuid.hive"; +#else +// FIXME windows +static const char UUID_HIVE[] = "/opt/rudder/etc/uuid.hive"; +#endif + static const char DEFAULT_CONF_FILE[] = "/opt/rudder/etc/agent.conf"; + +// FIXME use base from config instead static const char DEFAULT_POLICY_CONF_FILE[] = "/var/rudder/cfengine-community/inputs/agent.conf"; // Local configuration, allowing to connect 
@@ -33,12 +46,18 @@ typedef struct config { char* server_cert; // Policy server char* server; + // My id + char* my_id; // Client certificate for our agent char* agent_cert; // Private key of the agent char* agent_key; // Post used for https communication uint16_t https_port; + // Directory for temporary files + char* tmp_dir; + // Policies directory + char* policies_dir; //////////////////////// // come from policy config diff --git a/agent/sources/client/src/http.c b/agent/sources/client/src/http.c index 0ed17ab80bd..7926569b300 100644 --- a/agent/sources/client/src/http.c +++ b/agent/sources/client/src/http.c @@ -1,22 +1,30 @@ // SPDX-License-Identifier: GPL-3.0-or-later // SPDX-FileCopyrightText: 2021 Normation SAS +#ifdef __unix__ +# define _XOPEN_SOURCE 500 +#endif + #include "http.h" #include #include #include +#include // stat #include "argtable3.h" #include "log.h" +#include "utils.h" // Max hostname length is 253, plus path and scheme #define MAX_URL_LEN (255 + 300) +#define MAX_PATH_LEN 255 #define CURL_CHECK(ret) \ if ((ret) != CURLE_OK) { \ - error("curl_easy_setopt() failed: %s", curl_easy_strerror(ret)); \ - return (EXIT_FAILURE); \ + error("curl_easy_setopt() failed: %d %s", ret, curl_easy_strerror(ret)); \ + return (ret); \ }; +// stackoverflow #define SNPRINTF_CHECK(length_needed, size) \ if ((length_needed) < 0 || (unsigned) (length_needed) >= (size)) { \ error("URL buffer too small"); \ @@ -42,6 +50,9 @@ int common_options(CURL* curl, bool verbose, const Config config) { ret = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); CURL_CHECK(ret); + ret = curl_easy_setopt(curl, CURLOPT_PORT, config.https_port); + CURL_CHECK(ret); + if (config.proxy == NULL) { // Enforce no proxy if not configured // to ignore env vars 
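Review bot: CURL_CHECK now returns the raw CURLcode and is applied in later hunks to the results of common_options(), client_passwd_auth(), client_cert_auth() and curl_call(), but its message still says "curl_easy_setopt() failed", which will misattribute those failures. A neutral text such as `error("curl error %d: %s", (int) (ret), curl_easy_strerror(ret));` fits every use. The macro also evaluates its argument several times and expands to an `if` block followed by `;`, so wrapping it in `do { ... } while (0)` would be safer. The new `// stackoverflow` comment above SNPRINTF_CHECK does not say what is checked; `// snprintf() returns the length it needed: negative on error, >= size when truncated` would.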
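Review bot: `curl_easy_setopt(curl, CURLOPT_PORT, config.https_port)` passes a `uint16_t` through a variadic call, where it is promoted to `int`, while libcurl reads a `long` for this option. On platforms where `long` is wider than `int` that is undefined behaviour and can produce a wrong port. Cast explicitly: `ret = curl_easy_setopt(curl, CURLOPT_PORT, (long) config.https_port);`. common_options() begins and ends outside this hunk.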
@@ -74,17 +85,43 @@ int common_options(CURL* curl, bool verbose, const Config config) { CURL_CHECK(ret); } - return EXIT_SUCCESS; + return CURLE_OK; +} + +int client_passwd_auth(CURL** curl, const Config config) { + CURLcode ret = 0; + + ret = curl_easy_setopt(*curl, CURLOPT_USERNAME, config.user); + CURL_CHECK(ret); + ret = curl_easy_setopt(*curl, CURLOPT_PASSWORD, config.password); + CURL_CHECK(ret); + + return CURLE_OK; +} + +int client_cert_auth(CURL** curl, const Config config) { + CURLcode ret = 0; + + ret = curl_easy_setopt(*curl, CURLOPT_SSLCERT, config.agent_cert); + CURL_CHECK(ret); + ret = curl_easy_setopt(*curl, CURLOPT_SSLKEY, config.agent_key); + CURL_CHECK(ret); + ret = curl_easy_setopt(*curl, CURLOPT_SSLKEYPASSWD, AGENT_KEY_PASSPHRASE); + CURL_CHECK(ret); + + return CURLE_OK; } // Make the call int curl_call(CURL* curl) { CURLcode ret = 0; char err_buf[CURL_ERROR_SIZE]; + printf("TOTO2\n"); // Get human-readable error messages ret = curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, err_buf); CURL_CHECK(ret); + printf("TOTO2\n"); // Make the actual request err_buf[0] = 0; 
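Review bot: curl_call() now prints `TOTO2` to stdout twice, and get_id() in a later hunk adds `TOTOA`, `TOTO URL: %s`, `TOTO41` and `TOTO3`; these debugging leftovers land in the command's normal output, which the get_id() comment says is meant to be captured for testing. They should be removed or turned into `debug(...)` calls. client_passwd_auth() and client_cert_auth() take `CURL**` although they never change the handle; `CURL* curl` would match common_options() and curl_call(). Both helpers lack a comment. For client_cert_auth() the comment should state that the key passphrase is the compile-time constant AGENT_KEY_PASSPHRASE, so the confidentiality of the agent key rests on the key file's permissions.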
@@ -105,16 +142,43 @@ int curl_call(CURL* curl) { return (int) ret; } +//////////////////////////////////////////////// +//////////////////////////////////////////////// + // Make the upload int upload_file(Config config, bool verbose, const char* file, UploadType type, bool new) { CURLcode ret = 0; CURL* curl = NULL; - common_options(curl, verbose, config); + ret = common_options(curl, verbose, config); + CURL_CHECK(ret); + ret = client_passwd_auth(&curl, config); + CURL_CHECK(ret); + ret = curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + CURL_CHECK(ret); - ret = curl_easy_setopt(curl, CURLOPT_USERNAME, config.user); + // File to upload + FILE* fd = NULL; + fd = fopen(file, "rb"); + if (fd == NULL) { + return EXIT_FAILURE; + } + // FIXME not enough for windows + // https://curl.se/libcurl/c/CURLOPT_READDATA.html + ret = curl_easy_setopt(curl, CURLOPT_READDATA, fd); CURL_CHECK(ret); - ret = curl_easy_setopt(curl, CURLOPT_PASSWORD, config.password); + + // File size + struct stat file_info; +#ifdef __unix__ + int stat_res = fstat(fileno(fd), &file_info); +#elif _WIN32 + int stat_res = fstat(_fileno(fd), &file_info); +#endif + if (stat_res != 0) { + return EXIT_FAILURE; + } + ret = curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t) file_info.st_size); CURL_CHECK(ret); const char* endpoint = NULL; @@ -138,7 +202,7 @@ int upload_file(Config config, bool verbose, const char* file, UploadType type, // Max hostname length is 253, plus path and scheme char url[MAX_URL_LEN]; - int length_needed = snprintf(url, sizeof(url), "https://%s/%s", config.server, endpoint); + int length_needed = snprintf(url, sizeof(url), "%s://%s/%s", PROTOCOL, config.server, endpoint); SNPRINTF_CHECK(length_needed, sizeof(url)); // URL to use ret = curl_easy_setopt(curl, CURLOPT_URL, url); 
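Review bot: `curl` is still NULL when upload_file() hands it to common_options(), client_passwd_auth() and curl_easy_setopt(): no curl_easy_init() call is visible, and common_options() receives the pointer by value, so it cannot create the handle for its caller. Now that the results are checked, the function would be expected to return an error before anything is sent; the same holds for get_id() and update_policies() in the next hunk. Add `curl = curl_easy_init();` with a NULL check at the top of each, and a matching curl_easy_cleanup() on every exit. In addition, `fd` is leaked on every early return after fopen() (each CURL_CHECK and the `stat_res != 0` path), and a failed fopen() returns without logging; close the file on those paths and log `strerror(errno)`. upload_file() continues outside this hunk.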
@@ -151,24 +215,160 @@ int get_id(Config config, bool verbose) { CURLcode ret = 0; CURL* curl = NULL; - common_options(curl, verbose, config); + ret = common_options(curl, verbose, config); + CURL_CHECK(ret); + + printf("TOTOA\n"); char url[MAX_URL_LEN]; - int length_needed = snprintf(url, sizeof(url), "https://%s/uuid", config.server); + int length_needed = snprintf(url, sizeof(url), "%s://%s/uuid", PROTOCOL, config.server); SNPRINTF_CHECK(length_needed, sizeof(url)); + printf("TOTO URL: %s\n", url); + // URL to use ret = curl_easy_setopt(curl, CURLOPT_URL, url); + printf("TOTO41\n"); + + // Capture output to allow testing + CURL_CHECK(ret); + printf("TOTO3\n"); + return curl_call(curl); } -int shared_files_head(Config config, bool verbose, const char* target_id, const char* my_id, - const char* file_id, const char* hash) { +static size_t get_etag(void* ptr, size_t size, size_t nmemb, void* userdata) { + char* etag = calloc(255, 1); + // FIXME Is it correct? + int r = sscanf(ptr, "ETag: %s\n", etag); + if (r != EOF) { + *(char**) userdata = etag; + } else { + free(etag); + } + return size * nmemb; +} + +int update_policies(Config config, bool verbose) { CURLcode ret = 0; CURL* curl = NULL; - common_options(curl, verbose, config); + int length_needed = 0; + + // Define paths + char etag_file[MAX_PATH_LEN]; + length_needed = snprintf(etag_file, sizeof(etag_file), "%s%srudder.etag", config.policies_dir, + PATH_SEPARATOR); + SNPRINTF_CHECK(length_needed, sizeof(etag_file)); + + char zip_file[MAX_PATH_LEN]; + length_needed = + snprintf(zip_file, sizeof(zip_file), "%s%srudder.zip", config.tmp_dir, PATH_SEPARATOR); + SNPRINTF_CHECK(length_needed, sizeof(zip_file)); + + char policies_tmp_dir[MAX_PATH_LEN]; + length_needed = snprintf(policies_tmp_dir, sizeof(policies_tmp_dir), "%s%sdsc", config.tmp_dir, + PATH_SEPARATOR); + SNPRINTF_CHECK(length_needed, sizeof(policies_tmp_dir)); + + char url[MAX_URL_LEN]; + length_needed = snprintf(url, sizeof(url), 
"%s://%s//policies/%s/rules/dsc/rudder.zip", + PROTOCOL, config.server, config.my_id); + SNPRINTF_CHECK(length_needed, sizeof(url)); + + // Start update + + // Start be removing previous tmp policy dir + + // Then read current etag + char* etag = NULL; + if (file_exists(etag_file)) { + bool read = read_file_content(etag_file, &etag); + if (read == false) { + return EXIT_FAILURE; + } + } + + // Fetch current etag + ret = common_options(curl, verbose, config); + CURL_CHECK(ret); + ret = client_cert_auth(&curl, config); + CURL_CHECK(ret); + // HEAD call + ret = curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); + CURL_CHECK(ret); + ret = curl_easy_setopt(curl, CURLOPT_URL, url); + CURL_CHECK(ret); + + struct curl_slist* list = NULL; + list = curl_slist_append(list, "If-None-Match: "); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); + CURL_CHECK(ret); + + ret = curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, get_etag); + CURL_CHECK(ret); + + char* remote_etag = NULL; + ret = curl_easy_setopt(curl, CURLOPT_HEADERDATA, &remote_etag); + CURL_CHECK(ret); + + ret = curl_call(curl); + CURL_CHECK(ret); + + curl_slist_free_all(list); + + bool update_needed = true; + if (remote_etag == NULL) { + error("Missing ETag in server response, assuming out-of-date policies"); + } else if (etag == NULL) { + debug("No previous ETag found, updating"); + } else { + if (strcmp(etag, remote_etag) == 0) { + debug("Remote ETag '%s' matches latest policies, no need to update", remote_etag); + update_needed = false; + } else { + debug("Remote ETag '%s' does not match latest '%s', updating", remote_etag, etag); + } + } + free(remote_etag); + + if (!update_needed) { + curl_easy_cleanup(curl); + return EXIT_SUCCESS; + } + + /* + + $headers = call_curl -Authenticate -url "$url" -otherParams + "--output","$zipfile","--dump-header","-","--header","If-None-Match: \```"$etag\```"" + $codeheader = echo "$headers" | Select-String -CaseSensitive -Pattern "^HTTP/.*" + if ($codeheader -match "HTTP/[^ ]* 304") { + 
Write-host "Policies already up to date" + return 0 + } + if (-not ($codeheader -match "HTTP/[^ ]* 200")) { + Write-host "Policy server didn't return OK code" + return 1 + } + $etagheader = echo $headers | Select-String -CaseSensitive -Pattern ETag + if ($etagheader -match "ETag: `"(.*)`"") { + $etag = $matches[1] + } + + */ + + return curl_call(curl); +} + +/* +int shared_files_head(Config config, bool verbose, const char* target_id, const char* file_id, + const char* hash) { + CURLcode ret = 0; + CURL* curl = NULL; + + ret = common_options(curl, verbose, config); + CURL_CHECK(ret); // Make a HEAD request ret = curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); @@ -176,9 +376,10 @@ int shared_files_head(Config config, bool verbose, const char* target_id, const char url[MAX_URL_LEN]; int length_needed = - snprintf(url, sizeof(url), "https://%s/rudder/relay-api/shared-files/%s/%s/%s?hash=%s", - config.server, target_id, my_id, file_id, hash); - SNPRINTF_CHECK(length_needed, sizeof(url)); + snprintf(url, sizeof(url), +"%s://%s:%d/rudder/relay-api/shared-files/%s/%s/%s?hash=%s",PROTOCOL, +config.server,config.https_port, target_id, config.my_id, file_id, hash); +SNPRINTF_CHECK(length_needed, sizeof(url)); // URL to use ret = curl_easy_setopt(curl, CURLOPT_URL, url); CURL_CHECK(ret); @@ -186,12 +387,13 @@ int shared_files_head(Config config, bool verbose, const char* target_id, const return curl_call(curl); } -int shared_files_put(const Config config, bool verbose, const char* target_id, const char* my_id, - const char* file_id, char* ttl) { +int shared_files_put(const Config config, bool verbose, const char* target_id, const char* file_id, + char* ttl) { CURLcode ret = 0; CURL* curl = NULL; - common_options(curl, verbose, config); + ret = common_options(curl, verbose, config); + CURL_CHECK(ret); // Make a PUT request ret = curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); 
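Review bot: get_etag() parses server-controlled header bytes with an unbounded `sscanf(ptr, "ETag: %s\n", etag)` into a 255-byte buffer, and libcurl does not NUL-terminate the header line it passes, so a long or unterminated line can write past `etag` or read past `ptr`. The `r != EOF` test also accepts `r == 0`, so every non-ETag header stores a fresh empty string in `*userdata` and leaks the previous one, which means `remote_etag` will usually end up empty. The callback should look only at the `size * nmemb` bytes it is given and allocate to fit, as in the sketch below. In update_policies() the result of `curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list)` is not assigned to `ret`, and `etag`, `list` and `remote_etag` are not released on the early CURL_CHECK returns.

```c
static size_t get_etag(void* ptr, size_t size, size_t nmemb, void* userdata) {
    static const char prefix[] = "ETag: ";
    const size_t prefix_len = sizeof(prefix) - 1;
    const char* line = ptr;
    const size_t len = size * nmemb;
    char** out = userdata;

    // curl passes one header line per call, without a terminating NUL
    if (len <= prefix_len || memcmp(line, prefix, prefix_len) != 0) {
        return len;
    }
    const char* value = line + prefix_len;
    size_t value_len = len - prefix_len;
    // strip the trailing CRLF
    while (value_len > 0 && (value[value_len - 1] == '\r' || value[value_len - 1] == '\n')) {
        value_len--;
    }
    char* etag = calloc(value_len + 1, 1);
    if (etag == NULL) {
        // a return value different from len makes curl abort the transfer
        return 0;
    }
    memcpy(etag, value, value_len);
    // keep only the last ETag seen
    free(*out);
    *out = etag;
    return len;
}
// … unchanged: update_policies() …
```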
@@ -203,8 +405,9 @@ int shared_files_put(const Config config, bool verbose, const char* target_id, c char url[MAX_URL_LEN]; int length_needed = - snprintf(url, sizeof(url), "https://%s/rudder/relay-api/shared-files/%s/%s/%s?ttl=%s", - config.server, target_id, my_id, file_id, ttl); + snprintf(url, sizeof(url), "%s://%s:%d/rudder/relay-api/shared-files/%s/%s/%s?ttl=%s", + PROTOCOL, + config.server, config.https_port,target_id, config.my_id, file_id, ttl); SNPRINTF_CHECK(length_needed, sizeof(url)); // URL to use ret = curl_easy_setopt(curl, CURLOPT_URL, url); @@ -212,3 +415,4 @@ int shared_files_put(const Config config, bool verbose, const char* target_id, c return curl_call(curl); } +*/ diff --git a/agent/sources/client/src/http.h b/agent/sources/client/src/http.h index 68122e93fe7..767345d0127 100644 --- a/agent/sources/client/src/http.h +++ b/agent/sources/client/src/http.h @@ -9,5 +9,6 @@ int upload_file(Config config, bool verbose, const char* file, UploadType type, bool new); int get_id(Config config, bool verbose); +int update_policies(Config config, bool verbose); #endif /* HTTP_H */ diff --git a/agent/sources/client/src/utils.c b/agent/sources/client/src/utils.c index ef7da7bb4b9..d68e790edd2 100644 --- a/agent/sources/client/src/utils.c +++ b/agent/sources/client/src/utils.c 
@@ -1,14 +1,48 @@ // SPDX-License-Identifier: GPL-3.0-or-later // SPDX-FileCopyrightText: 2021 Normation SAS +#ifdef __unix__ +# define _XOPEN_SOURCE 500 +#endif + +#include +#include #include #include +#include // stat +#include "log.h" + +char* strdup_compat(const char* s) { +#ifdef __unix__ + return strdup(s); +#elif _WIN32 + return _strdup(s); +#endif +} + +bool read_file_content(const char* path, char** output) { + FILE* fp = fopen(path, "r"); + if (fp == NULL) { + error("cannot open %s: %s", path, strerror(errno)); + return false; + } + + char buffer[1024]; + char* res = fgets(buffer, sizeof(buffer), fp); + if (res == NULL) { + error("cannot read: %s", path, strerror(errno)); + return false; + } + // strip \n + res[strcspn(res, "\n")] = 0; + *output = strdup_compat(res); + return true; +} -char* strdup(const char* s) { - size_t size = strlen(s) + 1; - char* p = calloc(size, 1); - if (p) { - memcpy(p, s, size); +bool file_exists(const char* path) { + if (path == NULL) { + return false; } - return p; + struct stat buffer; + return (stat(path, &buffer) == 0); } diff --git a/agent/sources/client/src/utils.h b/agent/sources/client/src/utils.h index 1f713b4346a..41c4dedd852 100644 --- a/agent/sources/client/src/utils.h +++ b/agent/sources/client/src/utils.h @@ -1,4 +1,14 @@ // SPDX-License-Identifier: GPL-3.0-or-later // SPDX-FileCopyrightText: 2021 Normation SAS -char* strdup(const char* s); +#include + +#ifdef _WIN32 +# define PATH_SEPARATOR "\\" +#else +# define PATH_SEPARATOR "/" +#endif + +char* strdup_compat(const char* s); +bool read_file_content(const char* path, char** output); +bool file_exists(const char* path); diff --git a/agent/sources/client/tests/certs/README b/agent/sources/client/tests/certs/README new file mode 100644 index 00000000000..e14e3f1521d --- /dev/null +++ b/agent/sources/client/tests/certs/README 
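Review bot: read_file_content() never closes `fp`: the stream is leaked on the success path and on the fgets() failure path, and fallback_in_file() and config_parse() call it several times per run. Add `fclose(fp);` before both returns that follow a successful fopen(). The result of strdup_compat() is stored in `*output` without a NULL check while the function still returns true. Assuming error() is printf-style, `error("cannot read: %s", path, strerror(errno))` passes two arguments for one conversion, so the errno text is never printed; `error("cannot read %s: %s", path, strerror(errno));` matches the fopen() message. strdup_compat() also has no return statement when neither `__unix__` nor `_WIN32` is defined.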
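Review bot: utils.h now declares three functions and a macro but still has no include guard, unlike http.h (`#endif /* HTTP_H */`); wrap the content in `#ifndef UTILS_H` / `#define UTILS_H` / `#endif /* UTILS_H */`. The prototypes would also benefit from one-line comments. In particular, read_file_content() returns only the first line of the file, without its newline, in a buffer the caller must free.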
@@ -0,0 +1,6 @@
+(comes from relayd test files)
+
+CFEngine key pair plus rudder certs or a node and a server.
+
+* server has id: 37817c4d-fbf7-4850-a985-50021f4e8f41
+* agent has id: e745a140-40bc-4b86-b6dc-084488fc906b
\ No newline at end of file
diff --git a/agent/sources/client/tests/certs/agent.cert b/agent/sources/client/tests/certs/agent.cert
new file mode 100644
index 00000000000..89dfab19498
--- /dev/null
+++ b/agent/sources/client/tests/certs/agent.cert
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIUBwF23Wv/ds7TxU8AovuQx6Zd7kAwDQYJKoZIhvcNAQEL +BQAwNjE0MDIGCgmSJomT8ixkAQEMJGU3NDVhMTQwLTQwYmMtNGI4Ni1iNmRjLTA4 +NDQ4OGZjOTA2YjAeFw0xOTA1MTExNjU3NDFaFw0yOTA1MDgxNjU3NDFaMDYxNDAy +BgoJkiaJk/IsZAEBDCRlNzQ1YTE0MC00MGJjLTRiODYtYjZkYy0wODQ0ODhmYzkw +NmIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6iTwlO9GyyK6k7Qh8 +fg4adYWpCDl2Yj/gmwKI8RR/vyIUHAUWnC41cMlcIpoe2mO5zcMDL2Xt+Zn5tCaR +9175CjfIB3Zmwh3zRMFk7Lq4VDKXgBIs2BjxEogXEPr4Cy60jbsp7FKcvdAsKDLC +eF5G/hSvfVroxVjXF9JCcAOu4EFp37lJoXeFOkRwAyDaENCwhzJHfYw9HL0w5Wa8 +GWAjaFmyCH1BB/3BMvEa4zD+kko49HDAWST/luEUG97awvU4jSlGwzqLtLE1dGEz +o1aWY5uE/5nsLo3tNjTRn62LOAROZgnfmWXIieNzWL7RtZqPmndxtIJV1DnOiZnc +v1duxaaOXQ/9zDTqqo0+4tHv30r5HVeAD3idRTOjalWKA+HqyPZcxLwU5ZcxfLZM +0Q4D41BXn69jAiVSLO8H8cdJzdYqo0aAKJ90kGYknxBODlwkTqz73U7314wwBDQR +yP6djlARiRsifiCM2miNqbePJLvajQnieWPgQJtH+uPovlv6SPkXcNtipJ0sL5ys +pQigFkfWawK4lxD1mT9gfDzuJXJahk5W0lRRrDefy8f9gJY8FBHNmn7jOXIhgkgj +P5X8Ullflg1b1eCh5EbxDSY6YvLQVtBRL+SViWl5bc8otJCZxIu+uBmeEozKESiE +LTM5KolTS6LhVRZjm2/VuFtOjwIDAQABo4GtMIGqMAkGA1UdEwQCMAAwHQYDVR0O +BBYEFPwDWUXIzkhMKhXkteqoXeOhD8a1MHEGA1UdIwRqMGiAFPwDWUXIzkhMKhXk +teqoXeOhD8a1oTqkODA2MTQwMgYKCZImiZPyLGQBAQwkZTc0NWExNDAtNDBiYy00 +Yjg2LWI2ZGMtMDg0NDg4ZmM5MDZighQHAXbda/92ztPFTwCi+5DHpl3uQDALBgNV +HQ8EBAMCA7gwDQYJKoZIhvcNAQELBQADggIBAI6Cc/sA8OZFpmDCFRNYxX4fpMlC +aYCjKBIDnA+p7m9wO+/uJ7ApfHPl8cenYYshb8xj1EXY7k2NatxCeTyjdCMKD/85 +oBsvtv+k6nPakFb1C/Wt6BSgofOxOnnk5TzZZ7s7l6VLT1X+bE46bjQyiY/pHsin +MKmJDr1grDavph0q0banPv3kmNeSf8iiCDP72qyztcqTOybN54Vv1Mc8+N4dQRwq +SNxbOaIF/9eYGEWy4fBXvE783tVpSlh01rvM2XVhXIJXyTd+dxEprDDP7QTyiRxN +7jUNGnz5XZ97GqnNsKSymgmsuNpHwvXzE48A67i9VZ2NtfLFRcqyTyEkwj8v14SL +wxpQsx6FqH9fzqerJXw3Bd1OVkBEEPuTVK+6frkjwkzL3J4JdpgmT4+rl6uNEozA +YLGi3mfKfGQkY6gBKEuicHJFiSYBjYDsgQ0RelGxbmQL9F3aD5I4d7luldyJwAH7 +kYO21gYn90MsrJqUStK4jn+2PHpC1jYConv7PWTpldhJhdkdlPkEH7u0txbYs1MF +KeXefGvxeo/SEes2y+aPv377Lprt8UxoT6TKTtu8gX6aSbLhH7H9gIehdumKSJYA 
+QMz81Pzmael3zt1SyaRDXIxZiNKp0oweqSGaslMe/v3BJBhRoPyjxms4c7j0KE+y +pX1SBAwmvH5KspkO +-----END CERTIFICATE----- diff --git a/agent/sources/client/tests/certs/agent.priv b/agent/sources/client/tests/certs/agent.priv new file mode 100644 index 00000000000..f83abc7b749 --- /dev/null +++ b/agent/sources/client/tests/certs/agent.priv 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,76F6B63B09E9ABF8 + +aYd713PEv8yF2h5Mbwd43/w6xUZciRocQQba8nG/VOcPjElxU9cNJVHhSljXF43Q +agIWsbepQ1PANbvWj4NPS05JBhxbsFZJTqPHvXbCIOafU0uaLCXec9TeJiOeTFVn +9Nfvi+jYHI9W1wItk/18bxowSJwkYtXCNPShmtSlU2Lo7lnFP3YvIAfBRd7Zyf0F +Oe/HlNcHwXjn2hNTbe6qGfXFgA5wwM+p+mPXDvPgbawFwajwb7jkbfAKmbNQ+0tp +TQmnr/NNEUiE0IR3dV18hccmNzK2rSotPmGMaXdrS90dO6UD311O/cMS6H2tpKiO +GUq0vtPomE2NO+JVRjRU5RzOzoDzVNz7EO2xpG8UmI5vFYpavvmChhBSZCPuGwkf +5iBTI0VhF2YwdZDI2E7jcLioWfpgpCNGtffaUrIZQH0/x28VjDXJq2fBxGEKMLZv ++GnfRCBBz6/+0UE7KjLseSF14DCLX1q9iHzxRrsK4i8mNe4nF/KqAZ34E6RiNV60 +mNf09xapoAgLjw7xe1mOgOt2mXpYb9RyQ6XodqgWEq3JFxULOuK0MkQgV1pn4l+n +A6OGWAdQTOid05N3W8kGY+r7rA7z+yUdaVvxGxZ2gCkTQfqDEhBbgfBmXgQiccVA +IUGYqh7Y7On/IDmrLI8QTAbioH/b8wuu6u89bVakhJzHJW6KkIEkbQ3Cj3+xyTI+ +UFlvH/rON+VZXvSdBloMa7xUBBLVymov2bR32zi+lijWdETvn0js5UPGzVijOuLW +sXwUK6nyeDoRKKy1Tr+KIDMGQcVpQiTwExJh51+DAMe1M8zmAY0/1nSBSoJyj6Da +gjZ1G/CYdwGEfz9k6Db7yYCIBqmIMPyn/RH00BpicdxWzbLOkRmoiw44AiTmkhoh +hZorlLMMSLhvkboFMG2Vvl2gjhaTveo3d34fD9uCvqcCFExS+yPqspWKWoJF3qBd +J6ThhDTU2zj0j+40H8AZQPqkTdZGsUoD/e299IDhaibDs/eECagh74E/bT2Ci8iJ +pIHxpDWod9QTKTGTM7luaWc1U5sa9LPWCquWmY8bA32eNIbdZsOh8nC/21O2s5YH +Pjj6ryZ7bNqAJ4hpGoE535SkbbGDoNJohuf1HvcLqkCoiPzSL/9VjYzn/O9O+JTs +xEubFB5eFt71Hj7uuoX7BQ3O7KC1N03z5Z8Snv2/DGZIoW5iLMYpdSYBZDiCqwZU +CsfPS8IwHYc18wXy98Y43GdPa+xM+ex0Yef2FacjJFBVZ01+fywOQI4MRR+wo66R +X1YQ8nJgvTufjAN8fPwwOTRnZNyEhRoj/m6uZiWMAW7HH5g/cgY5GcB5g8MraLCX +OMNrYBg3WL1VpJ3Rn4oiAqkURKyckzLp31bdpCyT+wVjOEeGFoifb6XluGehPooW +R25AzShAPgEc/snVeqiTgxTDZc9XM5cwY5k5uazO132WnpADaNOcTrnzOjcrNODQ +VbCZqOOizNr7kINdKC0QRjHb2iutytPeYvblry3sKffbVc5nN81Epj+gZC3QGjmI +nU9wzkXIkOudQ/2ZjKOfCgRD9+UKgCy+jOEYVs6LjsI3+bh5iQBtrciCe1mXjnDm +Ypsp9ObW3vs1b+ek51lgUYNLjfdEJa/Y3kNpxIq/W0vdRLoATQyATE2yTkpIKMql +PcFwckm7H083W6kUD5samYH17u67Re8mFdxNh02g7+jLv6xGq1vMPgHNr6KGKPg3 +e8y75wKZFJAYvslainSQQk86NOlv+wWLtE8puGDVf4sKb2dwb5AZbxmKZBdfXRtO 
+rdOcpzPXOyrbhp6KfkxP2hlhiX1tIKzw5W7/+g+GM8V04qNnVegL3PWIoo9Ef+Tr +WPet5pDX+JN00nebdDYilCRgElRFu9d3xy7UwpzVxI2RclFT/sdrUxMLUPQsF3Y3 +OzwzCdKeel5FXOhYgOa7r7XMJYNm7iYMnrAyTjpVqCaiQWO9mFZbxmjsePo7GtaV +33zwcrp/7BWsK0QF4Vm6/fIwHPkbqXFKqXBwmkIQTx45Jp1sl9qUbDR47gSYJqNV +TZf7fHGotushwCPdJtVZUbA+Qxc5HFwxDDZ8l9gjfNg0uOJtlHtIdlU7vKHXgjGO +sFnpJ9DPqxtZF5BdOaqAiKIR8zvzbVCMTgQ3/CTCGv+XeZ7YiRu/bYCd2vn9q0kp +dZ+ruqy2EZSF0X6rU2azesIqCTAn107tebNUR7hAgfZW52GGMtkytQjDa0FmcSav +EaFMXtRlNfxmRop1pTYjb7qYluoe93fMcrjFOcc0bXWTVQwjE35O0fqxnygGPfzV +hrMt2iukYz5p8WHxTTqykH07hkOadtYbnilEb8xZU7fTXQqaa3yyPL2sY+DilaTS +Z5JlCWWaEhsMdPiyP074Qp9WdLwJmHB8F0kmHCz5kAohy8mzC15Ts5Ml0+x0Vyvs +ASFXmHhhE19GOxSAK37BZLVrJbCEjJ2B4+9NSIRYdj5oTfZ+NXMi1a3swXizFoOO +JCv1Pji9MSiXN/c5921oSfTs4vnytSvF1S2C9wpFm7c29he4w0LBic2rqHtXX1DG +VS3QYFYqSxMNSHvX5k2vwINa2B6DbhaozcJ/tDr4Up6YYX1At0bxEFBb6vQYiZh6 +poOIKNNIwyptLXEQQKk0NBEvhFO24CWomJtsC9qBEmlfJODbzW5x4MU8gGefDh6q +LPnuA94zLPBjGuptj04g6IYIeUGUsCw+ookl8X4Kn6ewP0GVNJGgY8sDGTjQBgSI +D4kpzQo6ccmtAbcxavzXuouXOegpsX5+cW45VTE+fk6g2bVsXSpaLOo06YZy6x1i +1li706T1uhnLhJFM+yZRi6IaLQ+PBqS2qgUNgtnVIvWqPGjNbd2QBB677j2M0BTV +nzoOKH8FREedpWg64Nm2emsijX8JES7hE6IGki/klxWXhmh2xAecYTv110G7T8ob +hL73xu7BeDH+F4vv8jCsfN9oMM/IPYwPMu2Kj2dVTB5iB0bL/6wUXL0arV7xOZJw +/Vmk1disIkrIIYMjIxuNzlyYLbM5GHh8T0f0Biue0QzVWg5wWCbsQmbDhsZWUOaH +TR72k9xwtXqi7ZSW9nB/ckA823h+DR+xAgAQ/ZyUgUaA7+zNf4IRc27qbo0qwcMh +-----END RSA PRIVATE KEY----- diff --git a/agent/sources/client/tests/certs/agent.pub b/agent/sources/client/tests/certs/agent.pub new file mode 100644 index 00000000000..6a1281c09ad --- /dev/null +++ b/agent/sources/client/tests/certs/agent.pub 
@@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAuok8JTvRssiupO0IfH4OGnWFqQg5dmI/4JsCiPEUf78iFBwFFpwu +NXDJXCKaHtpjuc3DAy9l7fmZ+bQmkfde+Qo3yAd2ZsId80TBZOy6uFQyl4ASLNgY +8RKIFxD6+AsutI27KexSnL3QLCgywnheRv4Ur31a6MVY1xfSQnADruBBad+5SaF3 +hTpEcAMg2hDQsIcyR32MPRy9MOVmvBlgI2hZsgh9QQf9wTLxGuMw/pJKOPRwwFkk +/5bhFBve2sL1OI0pRsM6i7SxNXRhM6NWlmObhP+Z7C6N7TY00Z+tizgETmYJ35ll +yInjc1i+0bWaj5p3cbSCVdQ5zomZ3L9XbsWmjl0P/cw06qqNPuLR799K+R1XgA94 +nUUzo2pVigPh6sj2XMS8FOWXMXy2TNEOA+NQV5+vYwIlUizvB/HHSc3WKqNGgCif +dJBmJJ8QTg5cJE6s+91O99eMMAQ0Ecj+nY5QEYkbIn4gjNpojam3jyS72o0J4nlj +4ECbR/rj6L5b+kj5F3DbYqSdLC+crKUIoBZH1msCuJcQ9Zk/YHw87iVyWoZOVtJU +Uaw3n8vH/YCWPBQRzZp+4zlyIYJIIz+V/FJZX5YNW9XgoeRG8Q0mOmLy0FbQUS/k +lYlpeW3PKLSQmcSLvrgZnhKMyhEohC0zOSqJU0ui4VUWY5tv1bhbTo8CAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/agent/sources/client/tests/certs/server.cert b/agent/sources/client/tests/certs/server.cert new file mode 100644 index 00000000000..e4970f49fa6 --- /dev/null +++ b/agent/sources/client/tests/certs/server.cert 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIUQvjtL2wOxJ1dRgVgxBkC1JmcBu8wDQYJKoZIhvcNAQEL +BQAwNjE0MDIGCgmSJomT8ixkAQEMJDM3ODE3YzRkLWZiZjctNDg1MC1hOTg1LTUw +MDIxZjRlOGY0MTAeFw0xOTA1MTExNjU1MzhaFw0yOTA1MDgxNjU1MzhaMDYxNDAy +BgoJkiaJk/IsZAEBDCQzNzgxN2M0ZC1mYmY3LTQ4NTAtYTk4NS01MDAyMWY0ZThm +NDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+uH/g4tR/q9n7Yh7W +6xklxzzrPN04A/A1wgC8LULsqz5p+bVguf0KSA6jYTZGLKJC9jLCz3VJgPsw2XH+ +tJ5Og5VKWH4YsVxfUoR3UBUXUSFBDRb9RHyan4ZMJ0TtzTzcALzzVYpz4FxP/Viu +LQPlbTZhdOC4VBcrcO8gM0IO2LDULHRQcpWtdvhbZfac5p7Oyd0lej2SG8bucK0t +HPcCt3ZS8tEmke+ekQCGfHzdAP7q9PZmzPICqTHOBq/ugZEcGN5tyU+BrCvXzzBM +28DvDFOsABQK4s1ltrLu4g7ojwBdFZUxJpHWVBSJc/Yvyjgia7h4zRGv29x3yUbh +x1NHpQnBiy0L87pvA1hkWfprgXgRYEQyrELJm0MrjIt0oCDDb7z24mk6aPLfjU+J +d4W1+Zk9NB8KFilnhixkMGsBPjsaMIMGF9S588LqdezCEDNuXTC45HE8roMYiUOM +yP1C+08a2oEWF8GvS8bydntGK/2lwamLR/9U1c9Z+WehuOSdO1yIVN3Vr/Kswar5 +NX1Exxf59QmL5qP18fK9lLBPdnj4gJ82iKXZIgfMFi66M4wFGN0gSxCRa9sUHskf +nc+PCBqKffpRoRlePzD2ApBCjMBMKFzBBppPM9jveg+avRpD7T9tCO9nCWa99bYR +woCbbzs588x4DdRdMJVmzXZtTQIDAQABo4GtMIGqMAkGA1UdEwQCMAAwHQYDVR0O +BBYEFLBbJ0Qa8pwlnUS8gwmzmWvP3GAWMHEGA1UdIwRqMGiAFLBbJ0Qa8pwlnUS8 +gwmzmWvP3GAWoTqkODA2MTQwMgYKCZImiZPyLGQBAQwkMzc4MTdjNGQtZmJmNy00 +ODUwLWE5ODUtNTAwMjFmNGU4ZjQxghRC+O0vbA7EnV1GBWDEGQLUmZwG7zALBgNV +HQ8EBAMCA7gwDQYJKoZIhvcNAQELBQADggIBAAu8iyiclSgfhOrMWp7YwHzhReA3 +5xnYUv7/pjFyTHs1Lnr8mQTwjOKu39So1vuqmwYOAXEyDIFohFBrPqT16eNOgwx8 +OxIUUJa8EfRWX+3UPLbKuI2aSdwA7qH8deSC9RjcVIlzEbTQgG/eoOQy0trzrLao +j0paIan/fYp8YFmv6exGL2TTWiOPJdVfq0BMn49iT3cF8WGqRloSxrP9gvHn69NP +Y+6tROEDYx8MUoPWX+kKQQN+jRnJKl6/y2/SfYjSmRu9waArJzI8oO0R5Q5XDgkh +fyCD/HgvCLkUetyt2Wt75P9tf1XieES+PLnVfX9mX9OWxcaFds7LoGqsQaQmQ9cK +CBdBDjNtL84RIrGVO5mYTZXaXeCD64fhaWDtiSem6roHt4tnqSM0SN9xgIHI7iBw +eWfmFwLf6ZVNWfp6jJYyqWBNK7SRlkVxn6oWz61lEBxX9HF0uNo6BZDHwPCd5cDq +9UwHfeM6rBElF/ez1nF/+Z3jCTEzqxLgiC5WumTzSqpdp/4WHP7267N25J9eT/Vk +0/CNMa4P6+ybjm8XOnBWwlFDrPSdrdKjv1fVaWtQGy2yuAj6Py8BQtH5VRc4onea 
+62a2lkgoU2LUnl0UvGCi4PoDI7qWtMothkFEXZQYjCadTmzifLI8xwqi2j9XRBCF +ynLWaSRp54YXfsmN +-----END CERTIFICATE----- diff --git a/agent/sources/client/tests/certs/server.nopass.priv b/agent/sources/client/tests/certs/server.nopass.priv new file mode 100644 index 00000000000..0a4567c379f --- /dev/null +++ b/agent/sources/client/tests/certs/server.nopass.priv 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAvrh/4OLUf6vZ+2Ie1usZJcc86zzdOAPwNcIAvC1C7Ks+afm1 +YLn9CkgOo2E2RiyiQvYyws91SYD7MNlx/rSeToOVSlh+GLFcX1KEd1AVF1EhQQ0W +/UR8mp+GTCdE7c083AC881WKc+BcT/1Yri0D5W02YXTguFQXK3DvIDNCDtiw1Cx0 +UHKVrXb4W2X2nOaezsndJXo9khvG7nCtLRz3Ard2UvLRJpHvnpEAhnx83QD+6vT2 +ZszyAqkxzgav7oGRHBjebclPgawr188wTNvA7wxTrAAUCuLNZbay7uIO6I8AXRWV +MSaR1lQUiXP2L8o4Imu4eM0Rr9vcd8lG4cdTR6UJwYstC/O6bwNYZFn6a4F4EWBE +MqxCyZtDK4yLdKAgw2+89uJpOmjy341PiXeFtfmZPTQfChYpZ4YsZDBrAT47GjCD +BhfUufPC6nXswhAzbl0wuORxPK6DGIlDjMj9QvtPGtqBFhfBr0vG8nZ7Riv9pcGp +i0f/VNXPWflnobjknTtciFTd1a/yrMGq+TV9RMcX+fUJi+aj9fHyvZSwT3Z4+ICf +Noil2SIHzBYuujOMBRjdIEsQkWvbFB7JH53Pjwgain36UaEZXj8w9gKQQozATChc +wQaaTzPY73oPmr0aQ+0/bQjvZwlmvfW2EcKAm287OfPMeA3UXTCVZs12bU0CAwEA +AQKCAgBXAQHNTI0WJQaPCEb7Ukqpkkd3JM/iQuGtFHCTZ651GvWhELougwotS4vp ++mnw/2GSXI/xkQR3YLC2qyu2vxzMwngzb0Uu7JIwJguqBk1o0qjx7Q/EwB57xzRT +v0JRnWQbFPcdprM/g2V5VCDFbGGvou/A67msPShIt/9OWDPVZALe99yj6nHfrTtF +LrGfCBIAUdRhyW8XHTbWBW7q+qCwi5Md6gmBp+eBFbMApv+rLk4cT12sreflUNwY +mbJegpr5D1tBCCoOBMYHcEwfc8yDAMOW3n5GLQr4UK02DsgwTTQkQrlJr8et17N6 +tPzk9kI/aZbA/QQJjqn3t0lvrCeP6Mb2wgXppIWCPskfgPLDAgUAtta9pBx5N3oz +BNYHcOYcDEtmqh1rf6qr6rhjYikKnDtQzjjEXNsCSyY5HOfweRvyW8VLdnbvE0JI +aVdTkdVZrO0WzpW+RJvQn7mCdF8dn5SNcaH5jc96rPrqM+XRpFXVuSe4uBnznHJM +LH/cH/Xv2obmZJo10XKBNNS8K1Gi5EqNSiBC1dCyvK2FRWKdHycQ+Hiv9W9ZIQth +h+CsX62jQHUcVeJZwCVOsI8cm0YQY1xoJDyW3H4ovZtZSb14uBoPN5I6nZDVLTlf +2nGJDjEjzmFUGlEUyM3ZVw0wDnbgSggs+ghiGHE7zx7G7N0OfQKCAQEA48b13pfA +VoLVgvPjz3zFIpoTQKi84hrrn3xDppnpQ7N7w9GAkA70GlFDz/27kslwNxGvazus +KbJ4qWImivKesYk5VMmWdSBQAJyL/fOGU73O6glv5boeMXan/6xOml7Sx/r0TF1f +TWejPn+CN/8/13ioHKR5cp8g29tgFEeyOdaJYpeQmi//KsQUVTgeJ/R7heBTudYo +MuRd+nLoIFr398uEV7phf/CLiLhY+FZmWASuMS4s3zO++0T74kgqlTllojpPFvdP +nsO/RYprZeWH7irQ+h++A/Bhlqk+2TQTVHycuoKAY0h61FJArBEHumph2CbBl/M2 +wGAHbAcObryNMwKCAQEA1lodq8XFmFf8YaYzlBrALjawDvLoPYvO+2WLGFOETCLG +rdniHQ62OtmT8+DwIZQdgQ864mIQi6ax19Pn6BivQz+qJRWRrtxEzZLT0Men6GVB 
+Twvi/W0apjwQQxWIeS/VYV537xDonmqEginyZAGU48dKodkIWPZNN0WDhFk00CtS +IvwWMOzbJ9Y/g49aOeHjXPckLLdo9YFwygDbhISWKt9bNj8AqyzD+avEo+AvnfZo +Qsd57u9dDI5UZjS4xAcQcUiBM0T7nK+jlX3TmZYdU2NNA3aygV8KbVdyMMJtY4uG +nM/cbHojg9fa/8LLM4R/eK2j5gOJaStPVYszyNgbfwKCAQBKWHOCDwgRdKzaDF8M +J051B9NG5IyaRG0p5jZyl4QCu/+mn6gV3Tuhp2q55bimpadB4jzehGCiT4WAy++G +pMBVdFPJL+8zFbPnLzGmVyk+BhMWYrQqSIB4ZqFZG1Wgn1ivO2Mn1cY4jp5C1P2c +52xgGRrOFoUpe3UPLeCDXg93P2YiTxQ8r3Pa8pssYZ++LNdwkBLj8lm2msFt8LmB +bg/Hyp7Mv6H5T3tLydgIXrMTAZwVo1u0EsDAZPjOF/4GLPDWba/I8DoFuSCiQxbg +8HVYsJL7QQcVZA2GToGcBZpVlkLVwajEPzEQQjSntPtPxk9fbO79eL4jNnTVtsvo +KxTvAoIBABtm5cghvkLdbJwnHQzf5pWB1Dv0/Y9wogMtVfzEIHODNpbe9bL1QIKB +chKJPOlt/9+RzNtH4gmYQ7/tjQX0seMM7nlTKo6KBhmpnX5hJ6vj1dd/E4OGQRPj +Ncj9pbaoUMTjyL09Eh++SjZBmoUCVsBPp9DM5+5HflOEhW2T4daC0zs5srSKcvHC +x9fPqZ8gq2olBfDZeYd5BqwsM+Pa9z9/0i87GqDHVj5CoR65+BxfdbCjw4ix/Nkw +EMYIE16r8IQq2qltNiUvpt/jd/t4X0NbvGqm7+bt+W1E8oodMNK68Xh2ch1D9+pQ +2+Q6SLPLSmho+jzbUuOo77ll1DbmuY0CggEBAMV2jOFFjvurnCgNU/LeE5naI1fH +Zi3eSAcDhOjx85AvwyB8mwMb0sW6DRstRvoYlcslitGbNomVo1GPxFEhB10HN09f +xuS1ftXEtxWgriYjHcxlvd1vZKasq0iVPFyQrfjxAGWBpdWjp/90EYZcYlF0ojAu +yB7LqwCAPyd6lYKpiFeKt2K+N+jyirCzoQ6f4HfIvYgHwlanPg0JQT+cYzBIij0B +ZoJOCvJNwcmC/JbJztk387gokOMMWYAHy4WCZTTldmLhMe+jQSWCeqxEA2nSye26 +lJd6cqz2bL0+QwcTYfKfjSW7ro8h4T0PSwwKTzdIUIAhn2w+1/yAGlO3VYg= +-----END RSA PRIVATE KEY----- diff --git a/agent/sources/client/tests/certs/server.priv b/agent/sources/client/tests/certs/server.priv new file mode 100644 index 00000000000..30603bde44a --- /dev/null +++ b/agent/sources/client/tests/certs/server.priv 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,89EE475F5EC10D72 + +c+z8HmuS9xUrfZCb2jHrzzuNbkvSB7UpmYDQoQUKdKXfcTCDzYTIic9LSaDIMsG9 +AH6zcF4NVVPFZ4Mo+QAnpiiuXxX6kqGtX4f54hhhZEYJOFKLAfU1LLJwghVmO3S/ +9Py+H2aZqalbKUA3dC9z00WRoFhGWGuE8HB5dMUfUK+GkW0/6RXZ4jrkrld9RMdk +0JaMy7XsVVRb8TE8ea1RpyoasRwRoytMQ+92lYGkMhB5VYl95ECVmDMW/h9xadGO +UkvTcRnEhN3+UV6koMVvIDQ9kco1sRfOOCTfL19gbbuNviKDBU4zghWFDKP8RXmP +yyMpGm8NLRHxfDPYETlQPmU4nDKWbILudYqcgfTL0avTP0zPONq9CGAru1yORh9C +aBMHQs4zGJfUJX+hC/UG51jvOz15kI8/0b7y+l4u3fd1Gsd0g4akrTvz9JfnCjWe +V1ZqU75znmit43weBOwitOrkLKGY5g/cZBGPu/Iu14B6g47zgiDys2WR4br9SsxR ++c9bNLgoPC1NklEUqJx8xyhWlEW20EtA6BfW4JXhI0bZ1xrN0JHq85CQq70NPcW1 +hSdfy83xD8YK541AASNtx32ZUqJstJo+scjAT2ZUDRbKWYulJJWUde5k6cR/2geZ +vROBCOVTX0nfZGpSoKMIEbTIvfggKuOPclYaU+bpgOldLTw3A2pzogFfEUqLJbdH +kWwSxDzb48Hug4lN4mq+sZBsz+Ga8lQgRSMooytwjOnM8YGw97456EDwcl+nKUO7 +D6DPBABrl+O0UmmBNyjDNlR2Lbs16xj10kvE+P/8U7l9BF6m2EewhGYDK0xOG4r1 +r+7GflwZ2exU7Ciuu+X5Ls6qE9X1FqWQ/oUaultkIP675pO9Gi+9yTu6WbAOEDgS +MSASWwQah5D4rRxg/CwPz00rwyxs9fLVTdBxGj4RkbGkFbuwkSg4BHhhuh08GQVD +vRvU//q3oAC0PILjDQgdGXrd424dCjb6/gB6iW7m3arFvOjCKpDvvcFUHiQoHfI2 +3QcRurRWUVI3LxBQQMqvYp2L9ljBLYXmcm4HBjA2myajytgoxyCDpwIBjNLLsVup +W6iw+FVKEp0Jaw8K7uEdl6gMBKpXzcgR31SAUP1q2RAdTcYTIawNCx3fSSPXvV6n +J7tSYIkFYelq1jTlRIGtz3p35fKQb48rMnv0PQIZenSlYuzVaeYc6Ha0/ac26t5t +fqo7Rjd/QWW7nil7ht25VzVkwWoIut6iV7zBeXHXZkIhKUQIXekiq9WfqAEO+rhw +eOcBctiTcXtHJmEFqv1iWVJLi/eYRinLgaR0fVnpyiHoNfpkBnqqb5vnhEH+Mre0 +g7thufUrX9ohrGFaimJvQcwwwnAwEUvKA8oCWw17XMKiodaIGYOtV88ZC5ddt7K7 +/YMSQitlcWGXfx+lJ44cCjKZW80lT5znkeuXsbEVFQhbLVHsTEBT+/IPQ17NcRFU +/tqownwD/WSSQKKZEUJXLNgX+x5I1Aq6X29/CP/oUWS8u3KncFw9bYoQoZd+PPpi +7ULvEDq57pZT9JbDmWUw2tMdwaiBJRyjyfOWBIKf1dMhUxidRVwIFyFfgpDXMMS8 +NjatIRMdDdrKqrRjsstJfnBuDHE0SXKd3d987CUkQgtvlFZmjMCcbgz3ox0pcK2x +3DbKoLcBfaZ8nGB7GNmdt69aXiChBSuo/ofgvKmrI3bG01TRy0xVWxQRRxAt+1go +v9kkL4lSaLKbcr8Vn/RZuk5orfoTKu8p7qef83IMEj79OdKoioRtwCtqkCx0BlD8 
+IgoSiErWtmGkaVi5OUdrmn4NRE1AjJslIMxY0P2MvoqyCNQV+pLc3QB39anMxgvX +OvdWSywNQcQuoNDUAeSq7L+0gdZFjrrmPpBzyxxVxBQxvGedDNhS3Zvdw67b4SXV +gxOUUHGfRxTLCe9A+Csbhs8lh7UHMHouEAlU9p1QAWDk/udThiBySxiPpYGtYX/w +UhqQBr8pOxPZPt+xpIcfrbYquGLW3dbljGOWjS7NgZrNOKeF/UzsPmgG20vI2ZV7 +60oli4JH3rbppDjDDhgfuKhMI+8lW9GyKZy4H39a+HB8s49iaiHw9N9LdzKLvN71 +NrhLAHI3B96puzqJSXtINEhRt80BbZnCOFOllmKJyIxB6KuO3VLuEKW+vQ/3XVDi +99J58pg6oxfIUpHgX0DAGpdKR+zGPUyqhGzZqTVwTvPY1PDdMxA1VOfgypbuENSr +7H/kCVoBjkVm11MaFrErbDSkXCAygShAuQpCjy2Pg8j1imqt3cC6L6EwwEiP+JYD +beeVTgo/HgIsm7AFdaYla99Kj85hboAgs8shjcP1c8MJzXRvZkycNA2IGrE/euEj +WCqhk7febn3FQY69XoZRNeQghWPWAe0w9W22jvRdmAaX8Y6cqgFFUfAP/Ugcqtux +/dz4GzQEuFE3ZpVBXgzlKPSdaJWQ4/54A0bboTBrmcoPEfO8GlwLFERrz1J27hZw +dVexXj7Wv7xkY7MS87t4cj86WrD4gwKsfg/YPj/0GlDppgeAji+A2wXPqlBWg3fU +Uf+ahrNfxokE79CB4jq451DPefPm8AqbT3Qtdbm2vy3aan159RcyRJl6rRBQeT8c +7tcAchhB7R1TspU+NvIlUBp6jSvJE0nYEZ+kUs5xWoMQfdMp9WkjL40VvMWI19+f +5WfErNiC80KDifWvf+0GNCoOMGSzHdF+H9qzsqEYzwcBvptkHT69eRM3HGVr2qkQ +ObVvMwmjFQoLG3Aw9Xh6imYxZ69RKuu4QIMbseRY14SyCmYL1OLCfAS+OECJJTul +6lqrpZcUUrtv0ZQUEniX9Y2xk42AA465gtvOwSLJy8MFYrEUb7RKX9hrsWTItkDt +jej0GmmP2l25dMROPfNh6cuHj701oyeaFT/WO8bOukkIaYwY3rCMhoewF8+YTmta +qq2KuEKrbBDLU6hfUMJ1Uc6DDigFRuOHBX8YWh3skNX9IAGgeTChAz4nY+Rtokir +bpprpXs0E5Y0xlbq3lxg09hNXIC2mjjrMsFp8r0SVonC03e1FJMtDo2K0MHGIFDy +RRoKQo1qu+5R8stMdMHgm5TKyYGBOx9+YCBPQH2iHfX3ZQAxquZjUOigyzzBUvXc +-----END RSA PRIVATE KEY----- diff --git a/agent/sources/client/tests/certs/server.pub b/agent/sources/client/tests/certs/server.pub new file mode 100644 index 00000000000..c8fcb1d182f --- /dev/null +++ b/agent/sources/client/tests/certs/server.pub 
@@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAvrh/4OLUf6vZ+2Ie1usZJcc86zzdOAPwNcIAvC1C7Ks+afm1YLn9 +CkgOo2E2RiyiQvYyws91SYD7MNlx/rSeToOVSlh+GLFcX1KEd1AVF1EhQQ0W/UR8 +mp+GTCdE7c083AC881WKc+BcT/1Yri0D5W02YXTguFQXK3DvIDNCDtiw1Cx0UHKV +rXb4W2X2nOaezsndJXo9khvG7nCtLRz3Ard2UvLRJpHvnpEAhnx83QD+6vT2Zszy +Aqkxzgav7oGRHBjebclPgawr188wTNvA7wxTrAAUCuLNZbay7uIO6I8AXRWVMSaR +1lQUiXP2L8o4Imu4eM0Rr9vcd8lG4cdTR6UJwYstC/O6bwNYZFn6a4F4EWBEMqxC +yZtDK4yLdKAgw2+89uJpOmjy341PiXeFtfmZPTQfChYpZ4YsZDBrAT47GjCDBhfU +ufPC6nXswhAzbl0wuORxPK6DGIlDjMj9QvtPGtqBFhfBr0vG8nZ7Riv9pcGpi0f/ +VNXPWflnobjknTtciFTd1a/yrMGq+TV9RMcX+fUJi+aj9fHyvZSwT3Z4+ICfNoil +2SIHzBYuujOMBRjdIEsQkWvbFB7JH53Pjwgain36UaEZXj8w9gKQQozATChcwQaa +TzPY73oPmr0aQ+0/bQjvZwlmvfW2EcKAm287OfPMeA3UXTCVZs12bU0CAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/agent/sources/client/tests/config/agent.toml b/agent/sources/client/tests/config/agent.toml deleted file mode 100644 index 67fd742360e..00000000000 --- a/agent/sources/client/tests/config/agent.toml +++ /dev/null @@ -1,9 +0,0 @@ -server = "rudder" -server_cert = "/tmp/cert" -insecure = true -unknown = "ignored" -agent_cert = "/tmp/client.cert" -agent_key = "/tmp/client.key" -cfengine_port = 5308 -https_port = 4443 -proxy = "https://proxy.example.com" \ No newline at end of file diff --git a/agent/sources/client/tests/config/complete.toml b/agent/sources/client/tests/config/complete.toml new file mode 100644 index 00000000000..37601ac90e4 --- /dev/null +++ b/agent/sources/client/tests/config/complete.toml @@ -0,0 +1,12 @@ +server = "rudder" +my_id = "root" +server_cert = "tests/certs/server.cert" +insecure = true +unknown = "ignored" +agent_cert = "tests/certs/agent.cert" +agent_key = "tests/certs/agent.priv" +cfengine_port = 5308 +https_port = 8443 +proxy = "https://proxy.example.com" +tmp_dir = "/tmp" +policies_dir = "/tmp/policies" \ No newline at end of file 
diff --git a/agent/sources/client/tests/config/test.toml b/agent/sources/client/tests/config/test.toml
new file mode 100644
index 00000000000..dd315d875e2
--- /dev/null
+++ b/agent/sources/client/tests/config/test.toml
@@ -0,0 +1,9 @@
+# used in integration tests
+server = "127.0.0.1"
+my_id = "e745a140-40bc-4b86-b6dc-084488fc906b"
+server_cert = "tests/certs/server.cert"
+agent_cert = "tests/certs/agent.cert"
+agent_key = "tests/certs/server.priv"
+https_port = 8443
+tmp_dir = "target/tmp"
+policies_dir = "target/tmp/policies"
diff --git a/agent/sources/client/tests/config/uuid.hive b/agent/sources/client/tests/config/uuid.hive
new file mode 100644
index 00000000000..39636230d95
--- /dev/null
+++ b/agent/sources/client/tests/config/uuid.hive
@@ -0,0 +1 @@
+toor
\ No newline at end of file
diff --git a/agent/sources/client/tests/run.c b/agent/sources/client/tests/run.c
index d7871935f67..98be21311f6 100644
--- a/agent/sources/client/tests/run.c
+++ b/agent/sources/client/tests/run.c
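Review bot: In tests/config/test.toml, `agent_key` points at `tests/certs/server.priv` while `agent_cert` is `tests/certs/agent.cert`, so the client certificate and the private key do not belong to the same key pair. The README in this patch gives the agent and the server different ids and the two .pub files differ, so a TLS library asked to load this pair would be expected to reject it; if the integration test passes anyway, client authentication is probably not being exercised. Unless the mismatch is deliberate, use `agent_key = "tests/certs/agent.priv"`, as complete.toml does. Both .priv files are passphrase-protected (`Proc-Type: 4,ENCRYPTED`) and no passphrase setting is visible in this file, so it is worth confirming the agent can load either of them.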
@@ -44,17 +44,20 @@ void test_config_complete(void) { Config config; config_default(&config); - bool res = config_parse("tests/config/agent.toml", "tests/config/policy.toml", &config); + bool res = config_parse("tests/config/complete.toml", "tests/config/policy.toml", &config); assert(res == true); assert(strcmp(config.server, "rudder") == 0); - assert(strcmp(config.server_cert, "/tmp/cert") == 0); - assert(strcmp(config.agent_cert, "/tmp/client.cert") == 0); - assert(strcmp(config.agent_key, "/tmp/client.key") == 0); + assert(strcmp(config.server_cert, "tests/certs/server.cert") == 0); + assert(strcmp(config.agent_cert, "tests/certs/agent.cert") == 0); + assert(strcmp(config.agent_key, "tests/certs/agent.priv") == 0); assert(strcmp(config.proxy, "https://proxy.example.com") == 0); assert(strcmp(config.user, "rudder") == 0); assert(strcmp(config.password, "s8hOkUYiQJ54KbefibxM") == 0); + assert(strcmp(config.tmp_dir, "/tmp") == 0); + assert(strcmp(config.policies_dir, "/tmp/policies") == 0); + assert(strcmp(config.my_id, "root") == 0); - assert(config.https_port == 4443); + assert(config.https_port == 8443); assert(config.insecure == true); config_free(&config); } @@ -66,6 +69,7 @@ void test_config_minimal(void) { bool res = config_parse("tests/config/minimal.toml", "tests/config/not_there.toml", &config); assert(res == true); assert(strcmp(config.server, "rudder") == 0); + assert(strcmp(config.my_id, "toor") == 0); assert(strcmp(config.server_cert, "/var/rudder/cfengine-community/ppkeys/policy_server.cert") == 0); assert(config.insecure == false); @@ -78,8 +82,8 @@ void test_config_empty(void) { // file exists but no server in it, should read policy_server.dat bool res = config_parse("tests/config/empty.toml", "tests/config/empty.toml", &config); assert(res == true); - printf("%s\n", config.server); assert(strcmp(config.server, "rudder") == 0); + assert(strcmp(config.my_id, "toor") == 0); config_free(&config); } 
@@ -89,18 +93,27 @@ void test_config_absent(void) { // will read policy_server.dat bool res = config_parse("tests/config/not_there.toml", "tests/config/policy.toml", &config); assert(res == true); - printf("%s\n", config.server); assert(strcmp(config.server, "rudder") == 0); + assert(strcmp(config.my_id, "toor") == 0); config_free(&config); } +/// INTEGRATION TESTS + +void test_get_server_id(void) { + char* args[3] = { "get_server_id", "-c", "tests/config/test.toml" }; + start(3, args); +} + +/// MAIN + int main(int argc, char* argv[]) { #ifdef __unix__ if (isatty(STDOUT_FILENO) == 1) { color = true; } #endif - log_set_level(LOG_DEBUG); + log_set_level(LOG_TRACE); printf("\nrunning tests\n"); @@ -109,6 +122,7 @@ int main(int argc, char* argv[]) { test("config::empty", test_config_empty); test("config::absent", test_config_absent); test("logging", test_logging); + test("command::get_server_id", test_get_server_id); printf("\ntest result: %s. %d passed.\n", green_ok(), nb_tests); } diff --git a/agent/sources/client/tests/server.py b/agent/sources/client/tests/server.py new file mode 100644 index 00000000000..1db4d17ac8e --- /dev/null +++ b/agent/sources/client/tests/server.py @@ -0,0 +1,27 @@ +from http.server import HTTPServer, BaseHTTPRequestHandler +import ssl + +# only tested on python3 + +# This server uses HTTP + +PORT = 8443 + + +class PolicyServer(BaseHTTPRequestHandler): + def do_GET(self): + """Respond to a GET request.""" + if self.path == "/uuid": + self.send_response(200) + self.send_header("Content-type", "text/plain") + self.end_headers() + self.wfile.write(b"root\n") + else: + self.send_error(404) + + +server_address = ('', PORT) +httpd = HTTPServer(server_address, PolicyServer) +httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, + certfile='tests/certs/server.cert', keyfile='tests/certs/server.nopass.priv') +httpd.serve_forever()
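Review bot: `test_get_server_id` calls `start(3, args)` and discards the result, so the integration test is counted as passed whether or not the request to the test server succeeded. Assuming `start` returns the command's exit status (its definition is not in this hunk), the call should be `assert(start(3, args) == EXIT_SUCCESS);`, or compare against whatever success value it uses. The test also depends on tests/server.py already listening on port 8443, which deserves a comment above the function such as `// requires tests/server.py to be running on 127.0.0.1:8443`. The `args` array holds string literals through `char*` and has no terminating NULL entry, so `char* args[] = { "get_server_id", "-c", "tests/config/test.toml", NULL };` is safer if `start` expects a conventional argv.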
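Review bot: tests/server.py binds to every interface (`server_address = ('', PORT)`) while serving with the unencrypted key `tests/certs/server.nopass.priv` that this patch commits; tests/config/test.toml only connects to 127.0.0.1, so binding to the loopback address is enough. `ssl.wrap_socket` has been deprecated since Python 3.7 and was removed in 3.12, so the script fails on current interpreters; an `ssl.SSLContext` with `load_cert_chain` replaces it. The comment `# This server uses HTTP` is misleading because the socket is wrapped in TLS. The server does not request a client certificate, so the `agent_cert`/`agent_key` settings are presumably not exercised by this test.

```python
# This server uses HTTPS
# … unchanged: PORT and the PolicyServer handler …

# loopback only: the key below is a committed test fixture
server_address = ('127.0.0.1', PORT)
httpd = HTTPServer(server_address, PolicyServer)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile='tests/certs/server.cert',
                        keyfile='tests/certs/server.nopass.priv')
httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
```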